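<?php
	// Guestbook page: appends a posted message to a flat file and renders the
	// stored history below the form.
	// NOTE(review): the names "xss_guestbook.php" / "xss_chat.txt" suggest this
	// page was written as a stored-XSS exercise. The original echoed the file
	// verbatim, so any markup in a message was rendered for every later
	// visitor. This version HTML-encodes each entry where it is written into
	// the page.
	error_reporting(E_ERROR);

	$chatFile = "xss_chat.txt";

	// Handle the debug "clear" action before any output is sent: header() can
	// only set the redirect while the response body has not started yet.
	// NOTE(review): this is a state-changing GET with no CSRF token, so any
	// page a visitor opens can trigger it. Keep it to local debugging, or move
	// it to a POST that carries a token.
	$action = isset($_GET['action']) ? $_GET['action'] : null;
	if ($action === 'clear') {
		if (is_file($chatFile)) {
			unlink($chatFile);
		}
		header("Location: xss_guestbook.php");
		exit; // nothing below should run once the redirect has been issued
	}

	// Append the new message, if one was posted. The message is stored raw and
	// encoded only at output, so the stored data stays usable in other contexts
	// and entries written before this change are covered as well. Non-string
	// values (e.g. msg[]=...) are ignored.
	$msg = isset($_POST['msg']) ? $_POST['msg'] : '';
	if (is_string($msg) && $msg !== '') {
		file_put_contents($chatFile, "$msg<hr>\n", FILE_APPEND);
	}
?>
<!DOCTYPE html>
<html lang="zh-Hans">
<head>
	<meta charset="utf-8">
	<title>留言板</title>
</head>
<body>
<form method="post" action="">
	<label for="msg">留言</label><input type="text" id="msg" name="msg">
	<input type="submit" value="提交">
	<hr>
	<?php
		// Show the stored history. Entries are separated by "<hr>\n" on disk.
		// Each entry is passed through htmlspecialchars() so that <, >, &, "
		// and ' in a message are displayed as text instead of being parsed as
		// markup; the separator is re-emitted by this script, never taken from
		// the stored data. ENT_SUBSTITUTE keeps entries with invalid UTF-8
		// from collapsing to an empty string.
		$history = is_file($chatFile) ? file_get_contents($chatFile) : '';
		if ($history) {
			foreach (explode("<hr>\n", $history) as $entry) {
				if ($entry === '') {
					continue;
				}
				echo htmlspecialchars($entry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "<hr>\n";
			}
		}
	?>
	<a href='?action=clear'>调试用清空</a>

</form>
</body>
</html>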